<?php
// MyMyUNSW: login page
// Written by John Shepherd, May 2007

require("../lib/defs.php");
libs("forms");
session_start(); 
$db = dbConnect(DBCONN); 
$thisURL = setURL();

// Parameters

$v = getParams(array(
	'coursecode'    => array("string","optional"),
	'password'  => array("string","optional"),
	'returnto'  => array("string","optional","index.php")
));

// State

//if (isset($_SESSION['classID']))
if (isLoggedIn())
	goto("index.php"); // already logged in
else {
	if ($v["coursecode"] == "" && $v["password"] == "")
		$state = "Login";
	elseif ($v["coursecode"] != "" && $v["password"] != "")
		$state = "LoggingIn";
	else {
		$state = "Login";
		$err = "Must supply both course code and password";
	}
}

// Processing

switch ($state) {
case "LoggingIn":
	$err = attemptLogin($db,$v["coursecode"],$v["password"]);
	if ($err != "")
		$state = "Login";
	else
		$state = "LoggedIn";
	break;
default:
	$err = "";
	break;
}

// Display (none)

switch ($state) {
case "LoggedIn":
	goto($v["returnto"]);
	break;
case "Login":
	echo startPage("Login");
	echo loginForm($v["coursecode"],$v["password"],$v["returnto"],$err);
	echo endPage(true);
	break;
}


// Helper functions

// attemptLogin: match coursecode/password and return error message

function attemptLogin($db,$coursecode,$password)
{
	// coursecode/password checking
   
   $currentTime = time();
   $currentDateTime = date("Y-m-d H:i:s", time());
   //$currentDateTime = date_create_from_format("Y-mm-d H:mm:ss");
   //echo $currentDateTime;

	$q = "select * "."from CheckCourseLoginDetails('".$coursecode."','".$password."','".$currentDateTime."')";
	$u = dbOneTuple($db, mkSQL($q, $coursecode));
   if ($u["result"] == "f") {
      return $u["description"];
   }
	//if (!def($u)) return "Invalid course code";
	//if ($coursecode == 0) $u["utype"] = "admin";
#	$cryptpwd = crypt($password,$u["password"]);
#	if ($cryptpwd != $u["password"]) return "Invalid Password";
#	if ($password != $u["password"]) return "Invalid Password";
   $startTime = date("H:i D, d M",$u["startTime"]);
   //if ($startTime == userClassStartTime()) {
      //session_destroy();
      //session_start();
   //}
   $_SESSION["startTime"] = $startTime;
   $finishTime = date("H:i D, d M",$u["finishTime"]);
   $_SESSION["finishTime"] = $finishTime;
	$_SESSION['classID'] = $u["id"];
	$_SESSION['courseName'] = $u["description"];
   $_SESSION["loggedIn"] = true;
	//$_SESSION['myType'] = $u["utype"];
	//return ""; // empty return => success
   return "";
}

// displayLogin: display the login form to collect coursecode/password

function loginForm($coursecode,$password,$url,$err)
{
	$html  = "<center>\n".startForm()."\n";
	$html .= "<table cellpadding='8' border='0>\n";
	$value = ($url == "") ? urlencode("index.php") : urlencode($url);
	$html .= "<input name='return' type='hidden' value='$value'>";
	$html .= "<tr><td align='right'><b>Course Code:</b></td>\n";
	$value = ($coursecode == "") ? "" : " value='$coursecode'";
	$html .= "<td><input name='coursecode' type='text' size='10'$value></td>";
	$html .= "</tr>\n<tr><td align='right'><b>Password:</b></td>";
	$html .= "<td><input name='password' type='password' size='10'></td>";
	$html .= "</tr>\n<tr><td>&nbsp;</td>";
	$html .= "<td><input type='submit' value='Login'></td>";
	$html .= "</tr>\n</table>\n".endForm();
	if ($err != "") $html .= "<p>\n".message($err)."\n";
	$html .= "</center>\n";
	return $html;
}

?>
